# Query parameter signing Your signature helps prove authenticity, and by adding a signature to your URL, this helps prevent imposters pretending to be you. ## How to generate a signature Compute a [hash-based authentication code](https://www.okta.com/uk/identity-101/hmac/#:~:text=Hash%2Dbased%20message%20authentication%20code,function%20and%20a%20secret%20key.) (HMAC) with a SHA-256 hash function. Use your private key as the key and address as input. {% hint style="warning" %} Be sure to always generate signatures from your server side application and never from the client as it would leak the private key. {% endhint %} {% hint style="info" %} All query parameters and their values need to be [URL encoded](https://www.w3schools.com/tags/ref_urlencode.ASP) to ensure signature generation works. {% endhint %} ## Examples ### Signing walletAddress {% code overflow="wrap" %} ```javascript import crypto from "crypto"; const url = 'https://blockchain.com/pay/widget' const walletAddress = "address"; const walletAddressSignature = crypto .createHmac("sha256", "secret-api-key") .update(walletAddress) .digest("hex"); const finalUrl = `${url}?walletAddress=${walletAddress}&walletAddressSignature=${walletAddressSignature}` ``` {% endcode %} ### Signing redirectUrl ```javascript import crypto from "crypto"; const url = 'https://blockchain.com/pay/widget' const redirectUrl = "https://example.com/?additionalParam=data"; const encodedRedirectUrl = encodeURIComponent(redirectUrl); const redirectUrlSignature = crypto .createHmac("sha256", "secret-api-key") .update(encodedRedirectUrl) .digest("hex"); const finalUrl = `${url}?redirectUrl=${encodedRedirectUrl}&redirectUrlSignature=${redirectUrlSignature}` ``` {% hint style="info" %} Don't forget to add your `apiKey` to the URL. Contact your account representative for how to access your secret API key. {% endhint %} --- # Agent Instructions: Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://docs.blockchain.com/pay/getting-started/query-parameter-signing.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.